From: Denis Rastyogin <gerben@altlinux.org> virSecretSetValue() previously checked for NULL `value`, but did not handle the case where `value_size` is 0. This could lead to `new_value = g_new0(unsigned char, value_size)` returning NULL and subsequent `memcpy(new_value, value, value_size)` dereferencing a NULL pointer. Adding a check prevents this possible issue. Found by Linux Verification Center (linuxtesting.org) with SVACE. Reported-by: Vadim Urtaev <v.urtaev@fobos-nt.ru> Signed-off-by: Denis Rastyogin <gerben@altlinux.org> --- src/libvirt-secret.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c index 4d0c88745d..e4391d1841 100644 --- a/src/libvirt-secret.c +++ b/src/libvirt-secret.c @@ -569,6 +569,7 @@ virSecretSetValue(virSecretPtr secret, const unsigned char *value, virCheckReadOnlyGoto(conn->flags, error); virCheckNonNullArgGoto(value, error); + virCheckNonZeroArgGoto(value_size, error); if (conn->secretDriver != NULL && conn->secretDriver->secretSetValue != NULL) { int ret; -- 2.42.2